Malware posing as Microsoft IIS collects user form data

When you are the number one computer platform, you are also the logical choice as the top target for attacks. The bad guys all wish to capitalize on the huge Windows user base. However, the latest attack is a bit different from what we are used to seeing. Trustwave SpiderLabs is reporting a new attack method, found in the wild, that attempts to collect form data.

The new malware is a DLL (dynamic-link library) file that is installed as an IIS (Internet Information Server) module. “The malware is used by attackers to target sensitive information in POST requests, and has mechanisms in place for data exfiltration. Encryption is circumvented as the malware extracts this data from IIS itself”, the security researchers explain.

So far this does not seem to be widespread, and the only instances found in the wild have been targeting banking information; however, the attack is also capable of going after user login information. The malware has been dubbed ISN and, despite the low incidence rate, Trustwave still posts a rather dire warning: “at the time of writing this post, anti-virus do not currently detect any of the IIS modules dropped by this malware. The extremely low detection rate in collaboration with the malware’s targeted functionality makes this a very real threat”.
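Because the malware runs as an IIS module and anti-virus detection is low, one check an administrator can make is to review which native module DLLs IIS is configured to load. The following is an added example, not code from Trustwave or from the original article: it parses the `<globalModules>` section of an `applicationHost.config` file and reports module images outside the standard `inetsrv` directories. The sample configuration, the `ExampleUnknownModule` entry, the trusted-directory list and the `C:\Windows` install location are constructed assumptions.

```python
import ntpath
import xml.etree.ElementTree as ET

# Constructed sample of the <globalModules> section of applicationHost.config.
# The last entry (name and path) is invented for illustration.
SAMPLE_CONFIG = r"""
<configuration>
  <system.webServer>
    <globalModules>
      <add name="UriCacheModule" image="%windir%\System32\inetsrv\cachuri.dll" />
      <add name="StaticFileModule" image="%windir%\System32\inetsrv\static.dll" />
      <add name="ExampleUnknownModule" image="C:\ProgramData\example\unknown.dll" />
    </globalModules>
  </system.webServer>
</configuration>
"""

# Assumption: directories from which native IIS modules are expected to load.
TRUSTED_DIRS = (r"%windir%\system32\inetsrv", r"%windir%\syswow64\inetsrv")

def normalize(path):
    """Lower-case the path, collapse '..' segments, fold Windows-dir spellings."""
    p = ntpath.normpath(path.strip().strip('"')).lower()
    # Assumption: Windows is installed in C:\Windows on the audited server.
    for prefix in (r"c:\windows", "%systemroot%"):
        if p.startswith(prefix + "\\"):
            p = "%windir%" + p[len(prefix):]
    return p

def audit_global_modules(config_xml, allowlist=()):
    """Return (name, image) for modules outside trusted dirs and not allow-listed."""
    allowed = {normalize(a) for a in allowlist}
    findings = []
    for section in ET.fromstring(config_xml).iter("globalModules"):
        for add in section.findall("add"):
            image = add.get("image", "")
            norm = normalize(image)
            if not (ntpath.dirname(norm) in TRUSTED_DIRS or norm in allowed):
                findings.append((add.get("name"), image))
    return findings

if __name__ == "__main__":
    for name, image in audit_global_modules(SAMPLE_CONFIG):
        print(f"review native module {name!r}: {image}")
```

On a server, the input would be the contents of `%windir%\System32\inetsrv\config\applicationHost.config`, with third-party modules that are known to be legitimate passed in `allowlist`.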

There’s little doubt that all major security companies will be working on detection methods and updating software as soon as possible. For now, it seems web surfers should not get too concerned, but definitely should keep an eye out for security updates and additional news. This is advice that should be followed at all times, not just when you get word of the latest attack.